주요 변경사항
아래는 node-tar 취약점인 CVE-2021-32803 과
CVE-2021-32804 에 대한 초기 보고 및 후속 수정과 관련된 node-tar, arborist, npm cli 모듈의 취약점입니다.
node-tar 모듈과 추가 외부 현상금 보고에 대한 후속 내부 보안 리뷰를 통해 node-tar 및 npm arborist를 포함한 핵심 npm CLI 종속성에서 또 다른 CVE 5개가 수정되었습니다.
자세한 내용은 아래의 링크에서 확인할 수 있습니다.
Commits
Windows 32-bit Installer: https://nodejs.org/dist/v14.17.6/node-v14.17.6-x86.msi
Windows 64-bit Installer: https://nodejs.org/dist/v14.17.6/node-v14.17.6-x64.msi
Windows 32-bit Binary: https://nodejs.org/dist/v14.17.6/win-x86/node.exe
Windows 64-bit Binary: https://nodejs.org/dist/v14.17.6/win-x64/node.exe
macOS 64-bit Installer: https://nodejs.org/dist/v14.17.6/node-v14.17.6.pkg
macOS Intel 64-bit Binary: https://nodejs.org/dist/v14.17.6/node-v14.17.6-darwin-x64.tar.gz
Linux 64-bit Binary: https://nodejs.org/dist/v14.17.6/node-v14.17.6-linux-x64.tar.xz
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v14.17.6/node-v14.17.6-linux-ppc64le.tar.xz
Linux s390x 64-bit Binary: https://nodejs.org/dist/v14.17.6/node-v14.17.6-linux-s390x.tar.xz
AIX 64-bit Binary: https://nodejs.org/dist/v14.17.6/node-v14.17.6-aix-ppc64.tar.gz
ARMv7 32-bit Binary: https://nodejs.org/dist/v14.17.6/node-v14.17.6-linux-armv7l.tar.xz
ARMv8 64-bit Binary: https://nodejs.org/dist/v14.17.6/node-v14.17.6-linux-arm64.tar.xz
Source Code: https://nodejs.org/dist/v14.17.6/node-v14.17.6.tar.gz
Other release files: https://nodejs.org/dist/v14.17.6/
Documentation: https://nodejs.org/docs/v14.17.6/api/
SHASUMS
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 8a809d7c75f9e695396b53aa95bcf8ec49b9ec5a993e82c02c2e067f48b89e81 node-v14.17.6-aix-ppc64.tar.gz e3e4c02240d74fb1dc8a514daa62e5de04f7eaee0bcbca06a366ece73a52ad88 node-v14.17.6-darwin-x64.tar.gz b8f94e44b56e7ff52ad9b9c7f2ec263a95aa06d5efcf67c663167588a8467bf6 node-v14.17.6-darwin-x64.tar.xz 7841543802bdf04c94d15a9c0eb3945d91c579da3ddf8c7056873f7c8cffec4b node-v14.17.6-headers.tar.gz 9429d544af0507c92f309fb1a0b7c2082b52846bdff3cd8aa039ada0461c95b9 node-v14.17.6-headers.tar.xz 3355eae15582be48f6be0910e279abbf2324f4538d3ccb2da7e66edab6e6b0fe node-v14.17.6-linux-arm64.tar.gz 9c4f3a651e03cd9b5bddd33a80e8be6a6eb15e518513e410bb0852a658699156 node-v14.17.6-linux-arm64.tar.xz 977e0ae2f6729f4feba5f75a4c317174bc9617610699afd2c478c7dff6c5ba13 node-v14.17.6-linux-armv7l.tar.gz 09ad804c7354ebaded407d0ce64e72e534801fc435be084af3e5b16b1a9c96d0 node-v14.17.6-linux-armv7l.tar.xz 180d13998617f1ef85beec008ef7fe49b30e0d2ecb2bd7897c1d51f95c803aa9 node-v14.17.6-linux-ppc64le.tar.gz 2f978fc75484fde36f44033dc726b7572d8e8cee460b9f278c855d6af5e85262 node-v14.17.6-linux-ppc64le.tar.xz 8a2e1ff691f8723ff740bc5d9dede29da58397c23955b9e43bb4d4831181235c node-v14.17.6-linux-s390x.tar.gz 3677f35b97608056013b5368f86eecdb044bdccc1b3976c1d4448736c37b6a0c node-v14.17.6-linux-s390x.tar.xz 19e376214450e93e58687198070b4ab46e42357032ec65f23a7e35b0e86ad6e2 node-v14.17.6-linux-x64.tar.gz 3bbe4faf356738d88b45be222bf5e858330541ff16bd0d4cfad36540c331461b node-v14.17.6-linux-x64.tar.xz 04687d7547b213b32bbae97e9d2841ad697fedabaa061f5d4462845b55af09c6 node-v14.17.6.pkg f64559c87faa2f1ce93c3d2cd09723af254ec320a53cbfd1a2ba8fba28e488d0 node-v14.17.6.tar.gz f458cd0b1cb1540611cb08709d833c0c59c74da79310ae1984cc8bad1404ad5e node-v14.17.6.tar.xz ee4f072532caebcc588cc535a3a972fa3b83cf0337509217ad0e3567fb785991 node-v14.17.6-win-x64.7z b83e9ce542fda7fc519cec6eb24a2575a84862ea4227dedc171a8e0b5b614ac0 node-v14.17.6-win-x64.zip ae75725bad06dc0bfa9929835d950026bb44336932bf6be374277d031a692825 node-v14.17.6-win-x86.7z 3e105bcb2234b5cc0b618c15fbd3f1b530be082dfa77d3e740544ee65b6cf784 node-v14.17.6-win-x86.zip e72ceb05c7596a6e381172369dce1c374a2b09ee739dca330be58f3977b5c03d node-v14.17.6-x64.msi 5a8225d7dbbe5707b183e89c2ff779a9db7826a94f83d99cd6c879ec60044c3f node-v14.17.6-x86.msi 3ce996581d1b357cbada188730da7966b69dc94bb0098ec38b3334764f309318 win-x64/node.exe e456fef578acd36eb661055445b4a06c81c47b2cfe0066619e7faa135137d4f6 win-x64/node.lib f4e7aa3997e065c89bef93b1e1f3804ee34eedd5c461ab515c1eeca6932ef03b win-x64/node_pdb.7z cf02c88f97dd8e404a34d8206a60354305368688dcce5b0fa963c424e2452c62 win-x64/node_pdb.zip 9838fe04cb24eafd3a65338790699517dbad2babc7c0b2d98884eda8ca45ee5a win-x86/node.exe 176a1b13a4cb1008d1aef1d862d9519ea3b3e412c98a08c013aa441c0054ee4d win-x86/node.lib 17fac76708d2336dda2790459daccc71c54a6eb5b585024f494dc575e8355dbd win-x86/node_pdb.7z 5a6dc153f8a7b0930875737ef76a68359b1d6431cfe6feef3736a538734e7436 win-x86/node_pdb.zip -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEDv/hvO/ZyE49CYFSkzsB9AtcqUYFAmEuQ/gACgkQkzsB9Atc qUaibwf+NbKm98uLvMQU8PAqIREjp5CNHSIetDCo2Wp1X9v2DaO0AK7J9xmzkp// gf9o1gGNnSqdt09lUOGp4/mr/3nW+9EncZ1gBKYtfiRloq+yLX7GSro7vCiDnqFn 19YbRhAsuIMO2Mx305nGJxTNTnhOhVH1IKhOfwuBeAfXCXm9sKmpEQViwev0LKzF ZyTH9mDYxyx3tLWdNf5OSNdTdWHTKJBHRJ/w5kLHE/EaDEQHX6G87vBhWzo0LuZz X9064TJlVAk0H9sHC/lztcNocr8J7nA91R70KGGerntKfFy4dvD86q0u2Ee+FKSs rfKqkcIgCr0rs2hadcEufW+8oR6XUw== =3xNG -----END PGP SIGNATURE-----